3. Access and Modification Rights Policy
Defines rules for:
- visibility: who may see and search for metadata
- download: who may see and search for contents
- license: how content (metadata) may be used
- upload: who may ingest or modify contents and metadata
| | Object | Collection |
| any person | search, browse; read metadata | search, browse; read metadata |
| person is-part-of | download datastreams/content | add new object to collection (person becomes creator by default); add sub-collection to collection (person becomes creator by default) |
| person is-part-of | modify metadata; modify datastreams/content; change accessRights and rights | modify collection title; modify accessRights and rights of collection, sub-collections and objects |
The elements creator, contributor, rightsHolder do not define any technical access restriction. They are purely textual descriptions. Their purpose is to describe the legal situation.
| creator | author of the resource (author, originator) |
| contributor | person who contributes to the resource (co-author, assistant) |
| rightsHolder | who has the copyright - the exclusive right to control the distribution of the resource. By default, this is the creator. (person, university, collecting society) |
3.1. Access Content per Object
"read" Object
Example: anybody can preview and download the object
Controlled by tag accessRights
"modify" Object
Example: only the owner can modify the object
Controlled by tag creator and rights
3.2. Access Metadata per Collection
"create" Object
Example: only a defined group of persons can create new objects in the collection
Controlled by collection property
3.3. Access rules for AAI-authenticated user
"who" / User groups
| Group | Parameter | Description |
| private | user-id | only one user can be specified; the user's AAI ID must match exactly |
| group | GMT group id | the GMT defines a boolean expression based on AAI attributes |
| institution | institution-id | the user's institution (AAI attribute) must match exactly |
| federation | | the user needs an AAI/Shibboleth login from any institution in the federation |
| public | | no check, everybody is granted access |
3.4. Enforce rules by access manager or GUI
- the repository server does not enforce access rules
- access to the repository server is protected by access manager or GUI
- the repository server trusts the access manager
- other repository servers in the federation don't have to trust the access manager
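
An added example, not part of the original policy or of any repository project's code: a fail-closed check that an access manager (3.4) could run for the five user groups of 3.3. The attribute keys `user_id`, `institution` and `affiliation`, the `FEDERATION` set and the `GMT_GROUPS` predicate table are assumptions, and all sample values are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional

Attrs = Mapping[str, str]  # AAI attributes; the key names used here are assumed

@dataclass(frozen=True)
class Rule:
    group: str                   # private | group | institution | federation | public
    param: Optional[str] = None  # user-id, GMT group id or institution-id

# Constructed sample data, not taken from any real federation or GMT.
FEDERATION = {"uni-a.example", "uni-b.example"}
GMT_GROUPS: dict[str, Callable[[Attrs], bool]] = {
    "g-42": lambda a: a.get("institution") == "uni-a.example"
                      and a.get("affiliation") == "staff",
}

def is_granted(rule: Rule, user: Optional[Attrs]) -> bool:
    """Decide one rule; user is None when there is no AAI login."""
    if rule.group == "public":
        return True                      # no check at all
    if user is None:
        return False                     # every other group needs a login
    if rule.group == "federation":
        return user.get("institution") in FEDERATION
    if not rule.param:
        return False                     # empty parameter must not match a missing attribute
    if rule.group == "private":
        return user.get("user_id") == rule.param        # exact, case-sensitive
    if rule.group == "institution":
        return user.get("institution") == rule.param    # exact, case-sensitive
    if rule.group == "group":
        expr = GMT_GROUPS.get(rule.param)
        return expr is not None and bool(expr(user))    # unknown group id: deny
    return False                         # unknown group name: deny

if __name__ == "__main__":
    staff = {"user_id": "alice@uni-a.example", "institution": "uni-a.example",
             "affiliation": "staff"}
    for r in (Rule("public"), Rule("private", "alice@uni-a.example"),
              Rule("institution", "uni-b.example"), Rule("group", "g-42")):
        print(r, is_granted(r, staff))
```
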
